The stolen data includes the names, dates of birth, addresses, phone numbers and email addresses of 9.7 million current and former customers, The Guardian reports. Of the 9.7 million, 5.1 million are current customers.
The insurance company reported the data theft on Wednesday, October 26, 14 days after the attack was discovered on October 12.
Legislation in Australia requires Medibank to keep customers’ health records for seven years after a customer relationship ends, before the data is deleted. Therefore, it was not only the data of existing customers that was affected by the data breach.
If Medibank customers can document that they find themselves in a “particularly vulnerable situation” as a result of the hack, the company will provide them with a financial support package. The company covers all costs incurred by customers in connection with, among other things, the issuance of new identity documents to those whose information has been leaked.
Refuses to pay
According to Medibank estimates, the company’s costs related to the data breach will be at least 25-35 million dollars (250-350 million kroner). The high amount comes as a result of the insurance company not being insured against cyber attacks. The amount is likely to increase because it does not include costs related to customer compensation and any claims from affected customers.
Medibank CEO David Koczkar said in a statement that the insurance company will not pay any ransom to hackers to return the data and prevent it from being made public.
“Based on the advice we received from cybercrime experts, we consider that the chances of the data being returned and not made public are minimal. Payment can have the opposite effect, as criminals are encouraged to extort our customers,” Koczkar said in a statement from Medibank on Monday.
In an interview with Guardian Australia, Koczkar said: “You cannot trust criminals. Our advice is not to pay the ransom to provide the highest level of security for our customers, as well as other Australians.”
He wouldn’t reveal how much the hackers are asking for, but says the decision not to pay is not influenced by anything other than advice from cybercrime experts.